Google goes gimpy from MyDoom infection

Worm variant triggers search paralysis

By Ashlee Vance in Chicago • Get more from this author

Posted in Anti-Virus, 26th July 2004 20:23 GMT

Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server

A variant of the MyDoom worm this morning triggered an unfortunate mini denial of service attack on a number of search engines - most notably Google.

User reports have poured in to The Register noting that numerous searches have turned up nothing but error messages. Google is blaming MyDoom.O for the problem, saying the worm is using search engines to try and find e-mail addresses.

"Once the virus is started, it searched the users files for domain names," said the Internet Storm Center. "Once it spotted a domain name (e.g. '@example.com', or in 'www.example.com'), it will search various search engines for valid e-mail addresses within these domains."

A number of news sites appear to have been hit by denial of service attacks of their own, as readers rushed to spread word of Google's gimpy condition. This is certainly not the backdrop Google desired for its IPO price announcement. Google plans to trade under the ticker symbol GOOG and is looking to make shares available at between $108 and $135 a share.

One Register reader also noticed unusual results coming from Google and Alta Vista on a particular search query. We're getting a Forbidden note on this Google search and a Gone note on this Alta Vista/Yahoo search.

While users throughout the US, UK and France were affected by the search slowdowns, all appeared to be back up and running smoothly by the afternoon. Anti-virus vendors were busy updating their virus definitions to help deal with the problem. ®